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CLAIMS 

What is claimed is: 

1. A method for managing a local Terminal Equipment (TE) accessing a 
network, wherein a management list containing an identity of the local TE is 
configured in a Mobile Terminal (MT) and a user identity card is inserted in the MT, 
the method comprising the steps of: 

after receiving an authentication request identity message containing the identity 
of and from the local TE, the MT deciding according to the information of the TE 
identity in the management list whether to accept the request; 

if a decision is made to accept the request, the MT acquiring an identity of the 
user identity card and returning the identity to the TE, the TE accessing the network 
using this identity, and the procedure is over; otherwise, refusing to return the identity 
of the user identity card to the TE, and terminating the procedure. 

2. The method according to Claim 1, wherein said management list containing 
the identity of the local TE comprises a management list of TEs allowed to access; 
and wherein the deciding method comprises: 

the MT deciding whether the identity in the received request message exists in 
the management list of TEs allowed to access; 

if the identity exists in the management list, the MT acquiring the identity of the 
user identity card and returning the identity to the TE, the TE accessing the network 
using this identity, and the procedure is over; otherwise refusing to return the identity 
of the user identity card to the TE and terminating the procedure, or determining 
according to a policy of the user whether to return the identity of the user identity card 
to the TE. 
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3. The method according to Claim 1, wherein said management list containing 
the identity of the local TE comprises a management list of TEs forbidden to access; 
and wherein the deciding method comprises: 

the MT deciding whether the identity in the received request message exists in 
the management list of TEs forbidden to access; 

if the identity exists in the management list, refusing to return the identity of the 
user identity card to the TE and terminating the procedure, otherwise, determining 
according to a policy of the user whether to return the identity of the user identity card 
to the TE. 

4. The method according to Claim 1, wherein said management list containing 
the identity of the local TE comprises a management list of TEs allowed to access and 
a management list of TEs forbidden to access; and wherein the deciding method 
comprises: 

the MT deciding whether the identity in the received request message exists in 
the list of TEs allowed to access; if the identity exists in the management list of TEs 
allowed to access, the MT acquiring the identity of the user identity card and 
returning the identity to the TE, the TE accessing the network using this identity, and 
the procedure is over; if the identity does not exist in the management list of TEs 
allowed to access, the MT deciding whether the identity in the received request 
message exists in the list of TEs forbidden to access, if the identity exists in the 
management list of TEs forbidden to access, refusing to return the identity of the user 
identity card to the TE, and terminating the procedure; otherwise, refusing to return 
the identity of the user identity card to the TE, or determining whether to return the 
identity information of the user identity card to the TE according to a policy of the 
user. 
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5. The method according to Claim 2 or Claim 4, wherein the authentication 
request identity message comprises information of the authority identifier of the 
service to be requested, the method further comprising the steps of: 

setting in the management list of TEs allowed to access authority information for 
TE to access the network; 

after deciding according to the information of TE identity in the management list 
to accept the authentication identity request, the MT deciding whether the information 
of service authority identifier in the received request message is consistent with the 
authority information of the TE in the management list; 

if the information of service authority identifier in the authentication request 
identity message is consistent with the authority information in the management list of 
TEs allowed to access, the MT acquiring identity of the user identity card and 
returning the identity to the TE, the TE accessing the network using this identity, and 
the procedure is over; otherwise, refusing to return the identity of the user identity 
card to the TE, and terminating the procedure. 

6. The method according to Claim 5, further comprising the steps of: 

setting current state information of the TE in the management list of TEs allowed 
to access; and 

when the network allows only a limited number of TEs to access the network via 
an MT, after receiving an authentication request identity message containing the TE 
identity from the local TE, the MT first deciding according to the current state 
information of the TE in the management list whether the MT itself is serving the 
number of TEs as limited by the network; 

if the MT is serving the number of TEs as limited by the network, refusing to 
return the identity of the user identity card to the TE, and terminating the procedure; 
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otherwise, deciding according to the identity information of the TE whether to accept 
the request and continuing the subsequent steps. 

7. The method according to Claim 6, wherein the TE accessing the network 
using the identity comprises the steps of: 

after sending the identity to the network side and receiving an authentication 
request from the network side, the TE acquiring an authentication response value via 
the MT, forwarding the response value to the network side, and receiving an 
authentication response message from the network side; 

the TE receiving a message of successful authentication from the network side, 
forwarding the message of successful authentication to the MT; 

after receiving the message of successful authentication from the network side 
forwarded by the TE, the MT modifying the current state information of the TE in the 
management list of TEs allowed to access, making the information indicate an online 
state, then sending key(s) information to the TE, and the TE accessing the network 
using the received key(s) information; or, 

after sending the identity to the network side and receiving an authentication 
request from the network side, the TE acquiring an authentication response value via 
the MT, sending the authentication response value to the network side, and directly 
forwarding the received authentication response message from the network side to the 
MT; 

the MT, after deciding that a message of successful authentication is received 
from the network side, modifying the current state information of the TE in the 
management list of TEs allowed to access, making the information indicate an online 
state, then sending to the TE key(s) information, and the TE accessing the network 
using the received key(s) information. 
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8. The method according to Claim 7, further comprising the steps of: after the 
TE terminating the service communication with the network side, the network side 
sending to the TE a logoff notice containing the authority identifier of logoff, the TE 
forwarding the received logoff notice to the MT, and the MT, after receiving the 
logoff notice forwarded by the TE, modifying the current state information of the TE 
in the management list of TEs allowed to access, making the information indicate an 
unused state. 

9. The method according to Claim 8, further comprising the steps of: when not 
having received a logoff notice sent from the TE that has been identified as in the 
online state for a preset period of time, the MT modifying the state information of this 
TE, making the information indicate the unused state. 

10. The method according to Claim 8, when the MT modifies the state 
information of the TE in the management list of TEs allowed to access to make the 
information indicate the online state, further comprising the steps of: 

stamping the time on the modified state information; wherein 

when the MT receives a new authentication identity request and decides 
according to the current state information of the TE in the management list that the 
MT itself is serving a number of TEs as limited by the network, the method further 
comprises: 

deciding whether the time difference between the current time and the time 
indicated by the time stamp on the state information of the TE has exceeded a preset 
time threshold; 

if the time difference has exceeded the preset time threshold, modifying the state 
information of the TE, and making the information indicate the unused state; 
otherwise, refusing to return the identity of the user identity card to the TE, and 
terminating the procedure. 
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11. The method according to Claim 1, wherein the process of the TE accessing 
the network using the identity comprises: 

the TE making an authentication with the network side using the identity, and 
receiving the authentication response message from the network side; 

the TE deciding whether the received authentication response message is a 
message of successful authentication; 

if the received authentication response message is a message of successful 
authentication, the TE sending a notice of successful authentication to the MT, 
receiving key(s) information from the MT, and accessing the network using the 
received key(s) information; otherwise, terminating the procedure; or, 

the TE making authentication with the network side using the identity, and 
forwarding the received authentication response message from the network side to the 
MT; 

the MT deciding whether the received authentication response message is a 
message of successful authentication; 

if the received authentication response message is a message of successful 
authentication, the MT sending key(s) information to the TE, and the TE accessing 
the network using the received key(s) information; otherwise, terminating the 
procedure. 

12. The method according to Claim 1, wherein at least one management list is 
set in the MT, and each management list is corresponding to a user identity card. 

13. The method according to Claim 12, wherein the user identity card 
comprises a Subscriber Identity Module (SIM) of GSM, a USIM of 3GPP, or an ISIM 
of IP multimedia subsystem. 
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14. A method for managing a local TE accessing a network, with a user 
identity card inserted in a MT, the method comprising the steps of: 

after receiving an authentication request identity message from the TE, the MT 
requiring the identity of the user from the identity card, sending the identity to the TE; 

the TE performing authentication with the network, deciding whether the 
authentication is successful; 

if the authentication is successful, the MT sending key(s) information to the TE, 
and the TE accessing the network using the received key(s) information; otherwise, 
terminating the procedure. 

15. A method according to Claim 14, wherein the process of deciding whether 
the authentication is successful comprises: 

after receiving the authentication response message from the network, the TE 
deciding whether the authentication is successful; 

if the authentication is successful, confirming that the authentication is 
successful; otherwise, terminating the procedure; wherein 

after deciding that the authentication is successful, the method further comprises: 
the TE sending a notice of successful authentication to the MT, and the MT sending 
the key(s) information to the TE. 

16. The method according to Claim 14, wherein the process of deciding whether 
the authentication is successful comprises the steps of: 

after receiving the authentication response message from the network, the TE 
forwarding the authentication response message to the MT, and the MT deciding 
whether the authentication is successful; 
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if the authentication is successful, confirming that the authentication is 
successful; otherwise, terminating the procedure 

1 7. The method according to Claim 14, further comprising the steps of: 

setting in the MT a management list containing the identity of the local TE; 

after the MT receiving an authentication request identity message containing the 
identity of TEs from the local TE, the method further comprising the steps of: 

the MT deciding according to the identity information of TE in the management 
list whether to accept the request; 

if a decision is made to accept the request, continuing the subsequent steps; 
otherwise, refusing to return the identity of the user identity card to the TE and 
terminating the procedure. 
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